Malware Analysis Report

2024-09-09 13:37

Sample ID 240612-twza3s1fnb
Target a1518f6dafb754ebdeaf5c6981e61d29_JaffaCakes118
SHA256 5fd92591686e26c40015c3227f43e3405181fd9eddff6fa10588715510898719
Tags
discovery evasion impact persistence stealth trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

5fd92591686e26c40015c3227f43e3405181fd9eddff6fa10588715510898719

Threat Level: Likely malicious

The file a1518f6dafb754ebdeaf5c6981e61d29_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence stealth trojan

Checks if the Android device is rooted.

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Queries information about running processes on the device

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 16:25

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 16:25

Reported

2024-06-12 16:28

Platform

android-x86-arm-20240611.1-en

Max time kernel

176s

Max time network

130s

Command Line

com.nicole.sdkmoon

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/xbin/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /storage/emulated/0/.teapot-1364008328/p4.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p4.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p3.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p3.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p1.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p1.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p4.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p1.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p4.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p1.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p4.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p1.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.nicole.sdkmoon

com.nicole.sdkmoon:dog_service

com.nicole.sdkmoon:dog_service

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.teapot-1364008328/p4.jar --output-vdex-fd=65 --oat-fd=70 --oat-location=/storage/emulated/0/.teapot-1364008328/oat/x86/p4.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.teapot-1364008328/p3.jar --output-vdex-fd=63 --oat-fd=70 --oat-location=/storage/emulated/0/.teapot-1364008328/oat/x86/p3.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.teapot-1364008328/p1.jar --output-vdex-fd=57 --oat-fd=70 --oat-location=/storage/emulated/0/.teapot-1364008328/oat/x86/p1.odex --compiler-filter=quicken --class-loader-context=&

com.nicole.sdkmoon:proxy_service

ls -l /system/xbin/su

com.nicole.sdkmoon:proxy_service

com.nicole.sdkmoon:proxy_service

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 adlayt.cfglab.com udp
US 64.91.248.18:80 adlayt.cfglab.com tcp
US 1.1.1.1:53 ww12.cfglab.com udp
US 75.2.81.221:80 ww12.cfglab.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 hot.xsech.xyz udp
US 54.244.188.177:80 hot.xsech.xyz tcp
US 1.1.1.1:53 tk.adtsk.mobi udp
US 44.200.43.61:80 tk.adtsk.mobi tcp
US 54.244.188.177:80 hot.xsech.xyz tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal

/data/data/com.nicole.sdkmoon/databases/cc/cc.db

/data/data/com.nicole.sdkmoon/databases/cc/cc.db-shm

/data/data/com.nicole.sdkmoon/databases/cc/cc.db-wal

/storage/emulated/0/.teapot-1364008328/p1.jar

/storage/emulated/0/.teapot-1364008328/p3.jar

/storage/emulated/0/.teapot-1364008328/p4.jar

/data/data/com.nicole.sdkmoon/files/umeng_it.cache

/data/data/com.nicole.sdkmoon/files/.umeng/exchangeIdentity.json

/data/data/com.nicole.sdkmoon/files/mobclick_agent_cached_com.nicole.sdkmoon1

/data/data/com.nicole.sdkmoon/files/pvgxuf

/data/data/com.nicole.sdkmoon/files/.um/um_cache_1718209579742.env

/data/data/com.nicole.sdkmoon/databases/tanks.db-journal

/data/data/com.nicole.sdkmoon/databases/tanks.db

/data/data/com.nicole.sdkmoon/databases/tanks.db-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 16:25

Reported

2024-06-12 16:28

Platform

android-x64-20240611.1-en

Max time kernel

177s

Max time network

151s

Command Line

com.nicole.sdkmoon

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /storage/emulated/0/.teapot-1364008328/p1.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p3.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p4.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p1.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p4.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p1.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p4.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p1.jar N/A N/A
N/A /storage/emulated/0/.teapot-1364008328/p4.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.nicole.sdkmoon

com.nicole.sdkmoon:dog_service

com.nicole.sdkmoon:dog_service

com.nicole.sdkmoon:proxy_service

com.nicole.sdkmoon:proxy_service

com.nicole.sdkmoon:proxy_service

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 adlayt.cfglab.com udp
US 64.91.248.18:80 adlayt.cfglab.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 ww1.cfglab.com udp
DE 64.190.63.136:80 ww1.cfglab.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 142.250.200.10:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 tk.adtsk.mobi udp
US 44.200.43.61:80 tk.adtsk.mobi tcp
US 1.1.1.1:53 hot.xsech.xyz udp
US 54.244.188.177:80 hot.xsech.xyz tcp
US 54.244.188.177:80 hot.xsech.xyz tcp
US 1.1.1.1:53 alog.umeng.co udp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp
GB 142.250.200.46:443 tcp
GB 216.58.212.238:443 tcp
GB 142.250.200.2:443 tcp

Files

/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal

/data/data/com.nicole.sdkmoon/databases/cc/cc.db

/storage/emulated/0/.a/track_id.bin

/storage/emulated/0/.teapot-1364008328/p1.jar

/storage/emulated/0/.teapot-1364008328/p3.jar

/storage/emulated/0/.teapot-1364008328/p4.jar

/data/data/com.nicole.sdkmoon/files/umeng_it.cache

/data/data/com.nicole.sdkmoon/files/.umeng/exchangeIdentity.json

/data/data/com.nicole.sdkmoon/files/mobclick_agent_cached_com.nicole.sdkmoon1

/data/data/com.nicole.sdkmoon/files/pvgxuf

/data/data/com.nicole.sdkmoon/files/.um/um_cache_1718209542583.env

/data/data/com.nicole.sdkmoon/databases/tanks.db-journal

/data/data/com.nicole.sdkmoon/databases/tanks.db

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-12 16:25

Reported

2024-06-12 16:28

Platform

android-x64-arm64-20240611.1-en

Max time kernel

12s

Max time network

143s

Command Line

com.nicole.sdkmoon

Signatures

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.nicole.sdkmoon

com.nicole.sdkmoon:dog_service

com.nicole.sdkmoon:dog_service

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 adlayt.cfglab.com udp
US 64.91.248.18:80 adlayt.cfglab.com tcp
US 1.1.1.1:53 ww7.cfglab.com udp
US 199.59.243.226:80 ww7.cfglab.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp

Files

/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal

/data/data/com.nicole.sdkmoon/databases/cc/cc.db

/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal

/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal

/storage/emulated/0/.a/track_id.bin

/storage/emulated/0/.teapot-1364008328/p1.jar

/storage/emulated/0/.teapot-1364008328/p3.jar

/storage/emulated/0/.teapot-1364008328/p4.jar

/data/user/0/com.nicole.sdkmoon/files/umeng_it.cache

/data/user/0/com.nicole.sdkmoon/files/.umeng/exchangeIdentity.json

/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal

/data/data/com.nicole.sdkmoon/databases/cc/cc.db

/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal

/data/data/com.nicole.sdkmoon/databases/cc/cc.db-journal
